Home Tools Exploits & CVE's Faculty Evaluation System 1.0 Cross Site Scripting

Faculty Evaluation System 1.0 Cross Site Scripting

December 22, 2020

754

Faculty Evaluation System version 1.0 suffers from a persistent cross site scripting vulnerability.

# Exploit Title: Faculty Evaluation System 1.0 - Stored XSS
# Exploit Author: Vijay Sachdeva (pwnshell)
# Date: 2020-12-22
# Vendor Homepage: https://www.sourcecodester.com/php/14635/faculty-evaluation-system-using-phpmysqli-source-code.html
# Software Link: https://www.sourcecodester.com/download-code?nid=14635&title=Faculty+Evaluation+System+using+PHP%2FMySQLi+with+Source+Code
# Tested on Kali Linux

Step 1: Log in to the application with admin credentials

Step 2: Click on Questionnaires, then click "Action" for any Academic Year
and then click manage.

Step 3. Input "<script>alert("pwnshell")</script>" in "Question" field of
the Question form.

Step 4. Click on "Save" when done and this will trigger the Stored XSS
payloads. Whenever you click on Questionnaires, click action for any
academic year, and then manage,  your XSS Payloads will be triggered for
that "Academic Year"

Faculty Evaluation System 1.0 Cross Site Scripting

Follow us on Instagram @thecyberpost

EDITOR PICKS

PrusaSlicer 2.6.1 Arbitrary Code Execution

AMPLE BILLS 0.1 SQL injection

WBCE 1.6.0 SQL Injection

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

Concepts Informatics CMS 7 SQL Injection

Buffalo TeraStation Network Attached Storage (NAS) 1.66 Authentication Bypass

SolarView Compact 6.0 Command Injection